Key server (cryptographic)

A key server or key server provides access to public keys used in asymmetric cryptosystems to a person encrypted messages - to send or to verify their signatures - for example, by e -mail. In particular, a key server provides a convenient, but not always cryptographically secure way to update key that is required to check whether a key is still valid or has been withdrawn.

Many of these servers are available to the public because the information stored on the server representing the public component of the key pair and normal keys the most rapid and widespread distribution is desirable. However, the key server are public not only for reading but also for writing. They range data only, but they usually do not authenticate (an exception is when PGP keyserver checking the e- mail addresses ). The authentication key must therefore be done in another way; this problem does not exist with updates.

On a key server for each user registered there is at least one associated public key, which is usually also contains one or more e -mail addresses and user names. Such a server can be searched by name, e- mail addresses and key IDs.

Known programs that use these kinds of asymmetric encryption, are the free GnuPG and the proprietary PGP. A known server software is the SKS keyserver. In SKS pool are now (2012 ) more than three million keys.

Alleged problems

Inexperienced users frequently complain that it is not possible in virtually all key servers or key server Connected to delete a key or parts thereof, as soon as they were once published.

Frequent argument for the motivation for this are forgotten passwords for the private key. But this is a misconception because a public key does not require proliferation control. You can also hand over these attackers without security risks. A publication of public keys means the loss of control over the distribution in each case. Whether with or without key server does not matter, because at least on the local keyrings, in which land the key, no interference is possible. A forgotten password for the private key just means that you can sign / decrypt any new messages. Also, you can not post new revocation signatures (which invalidate the whole key ) generate, which can be a security problem may, especially in keys whose validity does not expire. Obtain you a new key pair, you do it all communication partners easy to get to the new public key, if you copied it to a key server. The continued existence of the old public key is not a problem, on the contrary, even necessary, because these older public key needed to verify the signatures already received messages.

Would it be possible to delete individual keys or parts thereof, an attacker could it unpleasant parts (such as revocation certificates) remove, which would have significant impact on the security and the encryption system (see Public Key Infrastructure ) would virtually destroy.

Problem and Privacy Policy

Key server can be misused as a source of e- mail addresses, for example, the sending of spam.

Furthermore, attached signatures (see Web of Trust) analyzed and thus the participation of the key owner can be identified in social networks.

Many web servers allow by default, for example adding image information. Thus, a link between the published data are made, what data protection limits.

Worsened by the fact that a great danger of misplaced or improperly used certificates emanates. Abuses can be reversed under any circumstances, so here the Informational self- determination can be injured.

Another privacy issue is that you can not currently control which signatures will be added to a key on a keyserver, because the keyserver accept all signatures. In general, this is not problematic, but it is conceivable that someone deliberately wants to publish only certain signatures, about the anonymity of a key not to endanger. In addition, a denial of service attack conceivable by someone signatures adds a key in huge numbers and this makes it unusable. The OpenPGP standard supports the formal way to solve this problem with the flag keyserver no -modify already. However, this is so far no consequences, since the mass of the keyserver this flag is not observed, because the cryptographic verification would be associated with a comparatively high amount of computational power. In addition, the keyserver from their mutual synchronization, which would be associated with serious problems if ignored only part of the server, this flag within a group living.